api-design-rest
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill metadata and instructions are focused on API design and governance without any evidence of prompt injection, obfuscation, or data exfiltration.
- [COMMAND_EXECUTION]: The skill includes a local script 'scripts/validate_api_contract.py' for validation. This script uses only standard library modules for JSON processing and structural validation, and it does not perform any network operations or execute arbitrary system commands.
- [SAFE]: An analysis of the indirect prompt injection surface was performed. 1. Ingestion points: manifest JSON files in the assets directory. 2. Boundary markers: None present. 3. Capability inventory: execution of the local validation script and API contract drafting. 4. Sanitization: the script performs structural and type validation on the manifest data.
Audit Metadata